[SOLVED] Encryption keys recovery - possible?

D

DerekG

Active Member
Mar 30, 2021
66
21
28
45
Hi all,

I'm posting this here on the off chance that there is a solution to my problem.

I have a fully operational PBS with encrypted backup for around the last 2-3 years.

I recently setup a second PBS for use as an off-site synced backup server, all is working except I can restore from the new server due to the wrong encryption keys.

I do have the text of some keys stored, but none of them seem to work, and this situation has actually highlighted the fact that was my original pbs to fail, I wouldn't be able to rebuild and recover any of those backups.

Is there any possible way that I can recover the encryption keys from the original pbs, or do I have to start the entire backup process again?
(For information, this is a home-lab with around 25 active VM's/CT's, but my backup datastore has around 60 of them)

Any assistance would be much appreciated.

Thanks - DerekG
 
If the PBS in question is still added/present as a storage in a PVE, have a look in: /etc/pve/priv/storage/ (the .enc file(s)) on that PVE.
 
  • Like
Reactions: pvps1 and UdoB
Perfect,

I found the enc file, added to the 2nd pbs, and now I can restore the synced backup OK.

I've also stored the file in a safe location so both of my issues are solved.

Thank you Neobin, that saved me a lot of work here.
 
  • Like
Reactions: Neobin
@DerekG : Could you please explain how you did this => adding .enc file to the remote PBS - just put that file in the same directory as on the first PBS?
 
Last edited:
rudolfo1967 said:
@DerekG : Could you please explain how you did this => adding .enc file to the remote PBS - just put that file in the same directory as on the first PBS?
Click to expand...
Is the original Proxmox host still operational?
If yes:
The encryption key file for Proxmox Backup Server (PBS) is stored in the file /etc/pve/priv/storage/.enc on the Proxmox host.

I suggest that you keep this file in a password manager or somewhere else as it will be needed if you recreate the Proxmox host and want access to the backup in PBS.

Hope that helps.
 
Hello @DerekG - i copied the .enc and .pw file from the original host to the same directory on the new host. But when i try to restore an encrypted backup i get an error => see attachment remote_pve_host_restore_failure.jpg
 
rudolfo1967 said:
Hello @DerekG - i copied the .enc and .pw file from the original host to the same directory on the new host. But when i try to restore an encrypted backup i get an error => see attachment View attachment 91806
Click to expand...

Did you reboot after copying the key? I don't know enough to understand which services need to be restarted.

That error is telling you that the encryption was created with a different key. The only way to restore is to have the PBS backup and the PVE keys match.
 
You must log in or register to reply here.
Top Bottom